Question/scenario...
I give my card to my daughter and let her use it to go to Walmart. She gives it back to me when she gets home, no problems. About a month later she gets my card out of my purse and buys all sorts of things with it. The fact that I had given her my card a month prior, does that make me liable for the unauthorized transactions (I didn't contact the bank after the Walmart purchase to revoke my authority) or since I did not authorize her to get in my purse and get my card make me not liable?

You would not be liable if the card was returned and then later taken by means of fraud or robbery.

From the commentary:
3. Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

I agree with Adam. This is a debatable topic however. Some say that once I give my card to someone, everything they do is authorized, until I contact the bank and tell them it isn't. As I said, I don't stand on that position. We call it "Evergreen" and hope the CFPB will update Reg E to address this (and several other things).

I spoke with an FRB attorney before Reg E was turned over. There isn't an evergreen authority when a consumer gets the card back. It's theft/fraud when the card was stolen and re-used.

Think about it this way. If I write my PIN on my card, I have no add'l liability and if anyone in world gets hold of my card, they can use it. But if I loan my card and give my PIN to A, only A has it. Isn't that better than writing my PIN on the card? Then why should I be penalized for keeping my PIN more secretive when I didn't expect A to steal my card and use it?

Bottom line, re-secure the card and if it's stolen, it is not under the exception of 1005.2(m)2, but fraud under 1005.2(m)3.

David is correct that some banks take the "evergreen" approach, frankly, because it benefits the bank. Unfortunately, Reg E is a very consumer-friendly regulation and I would never advise in taking that approach (as David also referenced). The challenge for some is to establish a clear path of "fraud or robbery," which is why I worded my response the way I did. If a consumer does give a spouse/girlfriend/child an "evergreen" pass to use their card (meaning they are free to use it whenever they want), then I would agree that this is very debatable as it probably isn't "fraud or robbery" and the consumer is probably liable. That said, it can be very difficult to prove this (or even identify this) and as I said, Reg E is very consumer-friendly.